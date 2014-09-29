By Eric Auchard
| LONDON, Sept 29
LONDON, Sept 29 Law enforcers in Europe need
greater powers to retain data for longer in order to catch
cybercriminals selling discrete services that police cannot
trace under existing regulations, according to a Europol report
published on Monday.
Cybercrime is increasingly conducted by a highly specialised
chain of software break-in experts, underground market-makers
and buy-side fraudsters who convert stolen passwords and
identities into financial gains. Criminals can keep data for
months or even years before using it to defraud victims.
The study, entitled "The Internet Organised Crime Threat
Assessment" by the EU's criminal intelligence agency, says
because laws limit how much data can be held and for how long,
police cannot effectively trace and prosecute criminals.
Tougher laws for investigating and prosecuting cybercrime
also need to be harmonised across the bloc, the report said.
"The majority of intelligence and evidence for cyber
investigations comes from private industry. With no data
retention, there can be no attribution and therefore no
prosecutions," says Europol of criminals who often operate
beyond EU borders in Eastern Europe and beyond.
Europol also says the pool of cyberfraudsters is growing.
"Entry barriers into cybercrime are being lowered, allowing
those lacking technical expertise -- including traditional
organised crime groups -- to venture into cybercrime by
purchasing the skills and tools they lack," it said.
While providing no specific numbers, the agency says that
the scale of financial losses due to online fraud has surpassed
damages to payment from physical credit and other payment cards.
Losses are huge, not just for card issuers but also for
airlines, hotels and online retailers, the report states.
In other recommendations, it also warns about the abuse of
anonymous virtual currency schemes such as bitcoin, pointing to
a "considerable challenge in tracking such transactions or even
identifying activities such as money laundering".
The agency highlights the role of anonymous, private
networks, known as Darknets, in enabling a vast underground
trade in drugs, weapons, stolen goods, stolen personal and
payment card data, forged documents and child pornography.
Europol's report capitalises on a growing body of literature
from academic and private sector cyber threat researchers that
have traced the rise of such online criminal marketplaces
trading in billions of personal financial details.
"THE FUTURE IS ALREADY HERE"
Cybercriminals are cashing in on the latest Internet trends
such as Big Data, Cloud Computing and The Internet of Things,
allowing them to rent massive computing power to analyse vast
troves of data gathered from the ever-expanding range of
connected devices in homes, cars and on consumers themselves.
For example, the report finds that "Big Data" predictive
software is now used by criminals to identify the most lucrative
targets for credit card fraud and to improve methods of tricking
consumers into divulging more personal data for later attacks.
"The future is already here," the Europol study states.
The agency describes the rise of what it labels
"Crime-as-a-Service", running illicit activities via a network
of independent suppliers, mimicking parts of the "Software as a
Service" playbook that drives top Web companies, including
Salesforce, Amazon.com and Google.
Crime-as-a-Service offerings include:
* Data as a service collects huge volumes of compromised
financial data such as credit cards and bank account details and
bundles it with standard personal ID info. Such specialisation
allows the massive automation of both online and offline fraud.
* Pay-per-install, another service, is a means of
distributing malware to comprised computers, by country or
demographic, expediting both online and offline fraud because it
frees fraudsters from having to steal personal data themselves.
* Translation services, in which native speakers are hired
to convert phishing or spam attacks written in one language into
convincing, grammatically correct scripts in other tongues.
* Money laundering services act as bridges to cash out from
digital or physical world financial systems, often using money
mules as go-betweens.
(Editing by Louise Ireland)